Holdup time measurement for solid state drives

ABSTRACT

In one embodiment, a solid state drive (SSD) with power loss protection (PLP) includes a SSD controller, a secondary controller and a power circuit configured to supply power to the SSD from a power source during normal operation and backup power from a backup power source in response to a loss of power supplied by the power source. In the event of a loss of power, the secondary controller is configured to track the holdup time, or duration of time for which the primary controller can operate on backup power. In one embodiment, the holdup time tracked by the secondary controller is stored in a non-volatile memory in communication with the secondary controller.

FIELD OF THE INVENTION

This invention generally relates to measurement of holdup time during power loss protection (PLP) for solid state drives (SSDs).

BACKGROUND OF THE INVENTION

SSDs achieve much of their performance by maintaining critical data structures in volatile memory, which allows quick access during runtime. Use of volatile memory during runtime presents a problem if power is suddenly lost as volatile memory depends upon being powered to store and maintain the data in memory. Upon the loss of power to a volatile memory, the data stored in volatile memory will be lost. Accordingly, it is necessary to save critical data structures stored in volatile memory to non-volatile memory before power to the SSD falls below a threshold required for SSD operation. To address this issue, many SSDs include capacitors with high capacitance (e.g., supercapacitors, tantalum capacitors, etc.) to provide backup power for a short period of time after the loss of power. The use of a backup power source in an SSD helps prevent data loss due to a power outage or power loss. This feature is generally referred to as power loss protection (PLP).

When a power outage or power loss occurs for a host device (e.g., a computer) with an SSD, the energy stored by the supercapacitor provides backup power for a short time for the SSD to complete pending commands, save critical data and shut down properly. Without this, the SSD may not initialize properly for a subsequent boot. For example, if the volatile memory loses critical data such as the logical to physical mapping table of data (i.e., a table storing the mapping between the logical address used by the host to refer to data and the address at which data is physically located within non-volatile memory), the SSD may be unusable or may require a long data structure rebuild that requires the SSD to scan the entire drive and determine where data is located.

When an SSD with PLP is unable to save critical data to non-volatile memory, there are two possible failures that could have occurred. Either the SSD firmware failed to complete the power loss procedure while operating on backup power (e.g., procedure failed to start) or the backup power source was unable to provide power long enough for the SSD firmware to complete the power loss procedure. To identify the cause of the failure that resulted in the loss of critical data from volatile memory, it is necessary to identify how long the SSD was able to properly operate after loss of power.

One technique for measuring the duration of SSD operation on backup power measures the time from detecting a loss of power to when the SSD firmware power loss procedure completes. This technique is not achievable. If the SSD firmware logs completion of the power loss procedure, the procedure will have completed successfully and the drive will restart normally. If the SSD firmware fails to complete the power loss procedure, the duration of SSD operation on backup power will not be logged.

Another problem with using the SSD to measure the duration of SSD operation is that the SSD itself is not capable of identifying the moment at which it can no longer operate, as the SSD will have stopped operating at that point in time. As such, it is not possible to log an unsuccessful power loss procedure.

Accordingly, there is an unmet demand for SSDs with PLP that can efficiently and reliably measure the duration of SSD operation on backup power to identify the cause of an improper SSD shut down.

BRIEF DESCRIPTION OF THE INVENTION

In one embodiment, an SSD with PLP includes a primary controller operable at a first voltage, a secondary controller operable at a second voltage that is less than the first voltage, and a power circuit. The power circuit is configured to supply power to the primary controller and the secondary controller from a power source during normal operation of the SSD and from a backup power source in response to a loss of power supplied by the power source. The secondary controller is further configured to track a time from the loss of power supplied by the power source to a reset of the primary controller.

In one embodiment a host device comprises the power source that supplies power to the primary controller and the secondary controller during normal operation of the SSD. In another embodiment a capacitor or a battery comprises the backup power source that supplies power to the SSD in response to a loss of power supplied by the power source during normal operation.

In one embodiment, the loss of power is detected when the power supplied by the power source during normal operation has fallen below a first predefined threshold. Further, the reset of the primary controller occurs in response to the backup power source falling below a second predefined threshold. In one embodiment, the secondary controller is configured to detect the power source falling below the first predefined threshold and the backup power source falling below the second predefined threshold.

In one embodiment, the secondary controller includes a timer to track the time from the loss of power supplied by the power source to a reset of the primary controller. In one embodiment, the secondary controller is configured to track the time by causing a bit to be stored at predefined time intervals in a non-volatile memory in communication with the secondary controller. In one embodiment, the secondary controller is configured to cause the time to be stored in the non-volatile memory at predefined time intervals.

In one embodiment, the primary controller is configured to transfer critical information from a volatile memory in communication with the primary controller to a non-volatile memory in communication with the primary controller. In one embodiment, the critical information transferred from the volatile memory to the non-volatile memory is a logical to physical address update log.

In one embodiment, a non-volatile memory is a component of the secondary controller.

In one embodiment, a method of PLP for an SSD includes supplying power from a power source during normal operation of the SSD and from a backup power source in response to a loss of power supplied by the power source. The method further includes supplying power to a primary controller operable at a first voltage, a secondary controller operable at a second voltage that is less than the first voltage, and a non-volatile memory in communication with the secondary controller. The method further includes tracking a time from the loss of power to a reset of the primary controller.

In one embodiment, the method includes supplying backup power from a capacitor or a battery. In one embodiment, the method includes detecting the power source falling below a first predefined threshold. In one embodiment, the method includes detecting the backup power source falling below a second predefined threshold.

In one embodiment, the method includes storing an indication of the tracked time at predefined time intervals. In one embodiment, the method includes storing critical information in response to the loss of power in a second non-volatile memory in communication with the primary controller. In one embodiment, the method includes storing an L2P update log in response to the loss of power.

In one embodiment, the method includes storing the tracked time after regaining power from the power source.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a block diagram of one embodiment of an SSD with PLP that uses a secondary controller.

FIG. 2 is a timing diagram of one embodiment of an SSD with PLP illustrating the measurement of holdup time.

FIG. 3 is a block diagram of one embodiment of an SSD with PLP.

FIG. 4 is a block diagram of one embodiment of an SSD with PLP.

FIG. 5 is a flowchart of steps for one embodiment of measuring the holdup time of an SSD with PLP.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is a block diagram illustrating one embodiment of an SSD with PLP 100. SSD controller 101 communicates with non-volatile memory 103 through connection 137 and volatile memory 105 through connection 135. Non-volatile memory 103 can be, but is not limited to, an EEPROM, NAND, NOR, MRAM, PCM, PCME, PRAM, PCRAM, PMC, RRAM, NRAM, Ovonic Unified Memory, Chalcogenide Ram and/or C-RAM, or any other type of non-volatile memory known in the art, and volatile memory 105 can be, but is not limited to, DRAM, SRAM, T-RAM, Z-RAM and/or any other type of volatile memory known in the art. SSD controller 101 stores and retrieves data from the volatile memory 105 during normal operation to allow quick access of data during run time. SSD controller 101 may periodically store data in the non-volatile memory 103 as well.

During normal operation, a host interface 109 supplies power to the other devices of SSD with PLP 100. Host interface 109 transfers power over a connection 123 to a power fail switch 111. Power fail switch 111 may be an electromechanical switch, a switching circuit composed of transistors or MOSFETs or any other type of switch known in the art. Power fail switch 111 transfers power from the host interface 109 to a power monitor 113 over a connection 141. Power monitor 113 includes a number of voltage regulators (not shown) that regulate the power received from host interface 109 to emit regulated voltages for each of the devices of the SSD with PLP 100, including a regulated voltage 127 for volatile memory 105, a regulated voltage 125 for non-volatile memory 103, a regulated voltage 129 for SSD controller 101 and a regulated voltage 131 for a secondary controller 131. Power monitor 113 and power fail switch 111 can be implemented as part of a power circuit.

Power monitor 113 monitors the power supplied by connection 141 to determine if a loss of power occurs that may cause a loss of regulated voltages 125, 127, 129 and 131. A loss of power from the host interface 109 may occur for a number of reasons, including, for example, removal of the SSD from the system during operation, a hardware failure, loss of electrical power to the host device due to a power outage, or a large load on the host device that causes a temporary drop out in the power supplied from host interface 109. A loss of power may be detected by determining that the power supplied by connection 141 falls below a predefined threshold (e.g., 5 volts) for a predefined period of time (e.g., 5 milliseconds). Alternatively, it may be desirable to use only a predefined voltage threshold for detecting a loss of power as some applications may require detecting an instantaneous loss of power. When power monitor 113 detects a loss of power, power monitor 113 immediately emits a Supercap Enable signal to enable backup power to be supplied from a supercapacitor 115 and emits a PFAIL signal 117 identifying the loss of power to the SSD controller 101 and the secondary controller 107. Supercapacitor 115 supplies backup power to power monitor 113 through connection 141.

Upon receiving the PFAIL signal 117, the SSD controller 101 ceases normal operation and begins performing a power loss procedure to process pending commands and save critical data structures to non-volatile memory 103 before power is lost to SSD controller 101 and/or volatile memory 105. The power loss procedure may comprise various steps. SSD controller 101 may be programmed to acknowledge the completion of each step of the power loss procedure by sending a signal via a communication channel 139 to the secondary controller 107. Upon receiving PFAIL signal 117, the secondary controller immediately starts a timer.

The SSD with PLP 100 is capable of switching to the backup power source, supercapacitor 115, within a short period of time after detecting a loss of power from host interface 109. Depending on the components used, switching may be accomplished as quickly as a few microseconds or even nanoseconds, resulting in no perceptible change to regulated voltages 125, 127, 129 and 131. With the supply of backup power, the charge accumulated within supercapacitor 115 will decline in relation to a load presented by the components of SSD with PLP 100. Typically, the size or value selected for supercapacitor 115 powers the SSD with PLP 100 for a sufficient duration of time that allows SSD controller 101 to complete its power loss procedure. If the size or value selected for supercapacitor 115 is too small, the voltage of supercapacitor 115 may drop below the threshold for maintaining regulated voltages 125, 127 or 129. If regulated voltages 125, 127 or 129 lose regulation, SSD controller 101, non-volatile memory 103 and/or volatile memory 105 may stop functioning before the SSD controller 101 can complete its power loss procedure. However, even if the size or value selected for supercapacitor 115 is correct, it is also possible that a hardware issue may cause supercapacitor 115 to malfunction.

Power monitor 113 monitors the connection 141 to determine when the voltage supplied by supercapacitor 115 drops below a predefined threshold that represents the minimum regulated voltage at which SSD controller 101 can continue to operate. When power monitor 113 detects the voltage of supercapacitor 115 falls below the threshold voltage, power monitor 113 emits RESET signal 121 to SSD controller 101, which is also monitored by secondary controller 107. RESET signal 121 causes the SSD controller 101 to cease all operations and shut down prior to regulated voltage 129 dropping below the minimum operable voltage of SSD controller 101.

When secondary controller 107 receives PFAIL signal 117, the secondary controller 107 starts a timer to track holdup time or the duration of time for which the SSD controller 101 can operate on backup power supplied by the backup power source, supercapacitor 115.

In one embodiment, the timer of secondary controller 107 can be a 200 Hz clock signal having a period of 5 ms from one rising edge to another (i.e., predefined interval or period of the clock signal). Each time 5 ms elapses (i.e., on each rising or falling edge) the secondary controller 107 tracks the holdup time by transmitting a HOLDUP TIME signal 119 to a second non-volatile memory 143 causing the second non-volatile memory 143 to store a holdup time bit (i.e., “0” or “1”). Second non-volatile memory 143 can be, but is not limited to, an EEPROM, NAND, NOR, MRAM, PCM, PCME, PRAM, PCRAM, PMC, RRAM, NRAM, Ovonic Unified Memory, Chalcogenide Ram and/or C-RAM, or any other type of non-volatile memory known in the art. If the SSD controller 101 sent an acknowledgement to the secondary controller 107 indicating the completion of a particular step of the power loss procedure, the secondary controller 107 can also cause the acknowledgement to be stored in the second non-volatile memory 143. When the secondary controller 107 receives RESET signal 121, the timer stops and the total number of holdup time bits stored in the second non-volatile memory 143 represents the holdup time of SSD controller 101 during backup power. For example, if the timer of secondary controller 107 is a 200 Hz clock signal and 20 holdup time bits are stored in non-volatile memory, the holdup time bits indicate that the SSD controller 101 operated for a holdup time of 100 milliseconds.

In another embodiment, when the secondary controller 107 receives PFAIL signal 117, the secondary controller 107 erases a portion of the second non-volatile memory 143 by setting all bits in the portion of memory to a single value (e.g., “1” or “0”). The secondary controller 107 also starts a timer to track holdup time or the duration of time for which the SSD controller 101 can operate on backup power supplied by the backup power source, supercapacitor 115.

For example, in one embodiment, the secondary controller 107 can erase a 32-byte page in secondary non-volatile memory 143 (e.g., an EEPROM) by setting all bits to a value of “1.” Accordingly, each byte of the 32-byte page will have 8 bits set to a value of “1.” The timer of secondary controller 107 can be a 200 Hz clock signal having a period of 5 ms from one rising edge to another (i.e., predefined interval or period of the clock signal). Each time 5 ms elapses (i.e., on each rising or falling edge) the secondary controller 107 transmits a HOLDUP TIME signal 119 to the second non-volatile memory 143 causing the second non-volatile memory 143 to transition a bit in the 32-byte page from a “1” to a “0.” After 40 ms, the secondary controller 107 will have transitioned all 8 bits in the first byte of the 32-byte page from a “1” to a “0,” causing the secondary controller 107 to start transitioning bits in the next byte of the 32-byte page in second non-volatile memory 143 during subsequent cycles of the 5 ms timer. If the SSD controller 101 sent an acknowledgement to the secondary controller 107 indicating the completion of a particular step of the power loss procedure, the secondary controller 107 can also cause the acknowledgement to be stored in the second non-volatile memory 143. When the secondary controller 107 receives RESET signal 121, the timer stops and the total number of “0” bits stored in the 32-byte page of the second non-volatile memory 143 represents the holdup time of SSD controller 101 during backup power. For example, if the timer of secondary controller 107 is a 200 Hz clock signal and 83 “0” bits are stored in the 32-byte page (i.e., 10 bytes storing 8 “0” bits and an 11th byte storing 3 “0” bits) of the second non-volatile memory 143, the holdup time bits indicate that the SSD controller 101 operated for a holdup time of 415 milliseconds.
Second non-volatile memory 143 can be, but is not limited to, EEPROM, NAND, NOR, MRAM, PCM, PCME, PRAM, PCRAM, PMC, RRAM, NRAM, Ovonic Unified Memory, Chalcogenide Ram and/or C-RAM, or any other type of non-volatile memory known in the art.
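
The bit-per-tick scheme described above can be modelled as follows. This is an added example, not code from the patent: the function names are hypothetical, a RAM array stands in for the 32-byte EEPROM page, and consuming bits LSB-first within each byte is an assumption (the text does not fix a bit order). It also shows two things the description leaves implicit: the count is quantized to whole 5 ms ticks, and a page whose "0" bits are not one contiguous run should be rejected rather than counted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_BYTES 32u                 /* 32-byte page, as in the text     */
#define PAGE_BITS  (PAGE_BYTES * 8u)   /* 256 ticks of capacity            */
#define TICK_MS    5u                  /* 200 Hz clock -> 5 ms period      */

/* On PFAIL: erase the page so that every bit reads "1". */
void holdup_page_erase(uint8_t page[PAGE_BYTES])
{
    memset(page, 0xFF, PAGE_BYTES);
}

/* On each 5 ms tick: transition the next bit from "1" to "0".
 * Assumption: bits are consumed LSB-first within each byte.
 * Returns 0 on success, -1 once the page has no "1" bits left. */
int holdup_tick(uint8_t page[PAGE_BYTES], unsigned *ticks)
{
    if (*ticks >= PAGE_BITS)
        return -1;
    page[*ticks / 8u] &= (uint8_t)~(1u << (*ticks % 8u));
    (*ticks)++;
    return 0;
}

/* After power returns: count the "0" bits and convert to milliseconds.
 * The ticks are written in order, so the zeros must form one contiguous
 * run from bit 0. A "0" found after a "1" means the page is corrupt
 * (or was never erased), and -1 is returned instead of a holdup time. */
long holdup_decode_ms(const uint8_t page[PAGE_BYTES])
{
    unsigned zeros = 0;
    int seen_one = 0;

    for (unsigned i = 0; i < PAGE_BITS; i++) {
        if ((page[i / 8u] >> (i % 8u)) & 1u) {
            seen_one = 1;
        } else {
            if (seen_one)
                return -1;
            zeros++;
        }
    }
    return (long)(zeros * TICK_MS);
}

/* Constructed scenario: PFAIL at t = 0, RESET at reset_after_ms.
 * One bit is cleared for every full 5 ms period that elapses. */
long simulate_holdup(unsigned reset_after_ms, uint8_t page[PAGE_BYTES])
{
    unsigned ticks = 0;

    holdup_page_erase(page);
    for (unsigned t = TICK_MS; t <= reset_after_ms; t += TICK_MS) {
        if (holdup_tick(page, &ticks) != 0)
            break;                     /* page exhausted: value saturates */
    }
    return holdup_decode_ms(page);
}

int main(void)
{
    uint8_t page[PAGE_BYTES];

    /* RESET 417 ms after PFAIL: 83 full ticks fit, as in the text's example. */
    printf("417 ms actual  -> %ld ms logged\n", simulate_holdup(417, page));
    /* Holdup longer than the page can record. */
    printf("5000 ms actual -> %ld ms logged\n", simulate_holdup(5000, page));
    return 0;
}
```

A decoded value equal to the page capacity (256 ticks, 1280 ms) only means the holdup time was at least that long, so the page size has to be chosen to exceed the longest holdup the backup power source can deliver.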

In another embodiment, when secondary controller 107 receives PFAIL signal 117, a timer starts to track the duration of time for which the SSD controller 101 can operate on backup power. Secondary controller 107 periodically transmits HOLDUP TIME signal 119 to store the current holdup time in the second non-volatile memory 143. A separate signal operates within the secondary controller 107 and initiates the transmission and storage of the holdup time each time a predefined interval elapses. For example, if a 200 Hz clock signal is used, every 5 ms (i.e., predefined interval or period of the clock signal) the secondary controller 107 transmits HOLDUP TIME signal 119 to store the measured holdup time in second non-volatile memory 143. After 5 ms, the value stored in non-volatile memory is 5 ms, after 10 ms, the value stored in non-volatile memory is 10 ms, etc. The benefit to this approach is that the latest measurement of holdup time is always stored in the second non-volatile memory 143 and does not need to be calculated as in the case of tracking the holdup time by storing bits (described above). However, this approach requires more free memory than storing bits as the measured holdup time is stored at predefined intervals.

If the SSD controller 101 is unable to complete the power loss procedure during backup power, the holdup time stored in non-volatile memory 103 indicates the duration of time for which SSD controller 101 operated on backup power and the acknowledgement stored in the second non-volatile memory 143 identifies the last step of the power loss procedure completed by SSD controller 101. When the SSD with PLP 100 regains power, the SSD controller 101 sends a signal over communication channel 145 to the secondary controller 107 requesting that the secondary controller 107 return the holdup time and/or acknowledgements. If the holdup time was tracked by storing holdup time bits in the second non-volatile memory 143, the secondary controller 107 calculates the holdup time and transmits the calculated holdup time to the SSD controller 101 over communication channel 145 along with any acknowledgements. If the holdup time was tracked by storing the holdup time at predefined intervals, the secondary controller 107 retrieves the last holdup time and returns the holdup time to the SSD controller 101 over communication channel 145 along with any acknowledgements. When the SSD controller 101 receives the holdup time and/or acknowledgments from the secondary controller 107, the SSD controller 101 stores the information in an operational log.

Preferably, secondary controller 107 and second non-volatile memory 143 operate at voltages that are lower than the minimum operable voltage of the SSD controller 101. Accordingly, secondary controller 107 and second non-volatile memory 143 will continue to operate on the backup power provided by supercapacitor 115 for a period of time after SSD controller 101 received the RESET signal 121.

The embodiment of FIG. 1 does not require that the power monitor 113 detects the loss of power and emits PFAIL signal 117 and RESET signal 121. This functionality can be incorporated in the secondary controller 107. Secondary controller 107 can monitor power from the host interface 109 and when the secondary controller 107 detects a loss of power, the secondary controller 107 can emit the PFAIL signal 117 to the SSD controller 101 and the Supercap Enable signal to the power fail switch 111. When the backup power voltage drops below a predefined threshold, the secondary controller 107 can emit the RESET signal 121 to shut down the SSD controller 101 before the regulated voltage 129 drops below a threshold representing the minimum operable voltage of the SSD controller 101. Alternatively, the SSD controller 101 could monitor power from the host interface 109 and when a loss of power is detected, the SSD controller 101 could immediately begin performing its power loss procedure. The SSD controller 101 could further notify the secondary controller 107 of the detected power loss by emitting PFAIL signal 117 and could cause the power fail switch 111 to switch to supercapacitor 115 by emitting the Supercap Enable signal.

Although the embodiment of FIG. 1 describes the backup power source as a supercapacitor, any type of power source can be used, including tantalum capacitors or a battery.

In another embodiment, second non-volatile memory 143 can be an internal component of secondary controller 107. In this embodiment, HOLDUP TIME signal 119 would be an internal signal of secondary controller 107 to communicate with the second non-volatile memory 143. In another embodiment, non-volatile memory 103 can be used by the secondary controller 107 to store the tracked holdup time and/or acknowledgements, eliminating the need for second non-volatile memory 143. If only a single non-volatile memory is used, secondary controller 107 writes the tracked holdup time and/or acknowledgements directly to non-volatile memory 103 via HOLDUP TIME signal 119. In this embodiment, it may be preferable to have a dedicated partition in non-volatile memory 103 for secondary controller 107 to write the tracked holdup time and/or acknowledgements. Further, in this embodiment, non-volatile memory 103 preferably operates at a voltage that is lower than the minimum operable voltage of the SSD controller 101 so that the non-volatile memory 103 continues to operate on backup power for a period of time after SSD controller 101 received RESET signal 121. If non-volatile memory 103 is a NAND flash memory, it may be desirable to have a second non-volatile memory 143 that is an EEPROM, NOR flash memory or equivalent to write the tracked holdup time and/or acknowledgements. Repeatedly performing erase and write operations to a page of NAND flash memory is inefficient and can result in damaging the page in memory.

FIG. 2 is a timing diagram of one embodiment of an SSD with PLP, as described above, having a backup power source 115, a power circuit (comprised of a power fail switch 111 and a power monitor 113), a primary controller 101 and a secondary controller 107. During normal operation a host interface 109 provides power to the SSD with PLP. A HOST PWR signal 201 monitors the power provided by the host interface 109 and a BACKUP PWR signal 209 monitors the charge accumulated within the backup power source 115. During normal operation the host interface 109 (or any other power source available during normal operation) supplies power to the supercapacitor 115. During normal operation there is no load on the backup power source 115, which allows the accumulated charge on the backup power source 115 to remain substantially constant (represented by the constant portion of BACKUP PWR signal 209). During normal operation, the primary controller 101 performs read and write operations to a volatile memory 105 (represented by rising and falling edges of SSD READ/WRITE signal 215).

The power circuit causes a BACKUP ENABLE signal 207 to transition from high to low if the power circuit detects that the power provided by the host interface 109 falls below a predefined threshold 203 (represented by falling edge of signal 201 crossing threshold 203). When BACKUP ENABLE signal 207 transitions from high to low, the backup power source 115 (e.g., supercapacitor, battery, or other backup power source) is enabled. When power from the host interface 109 falls below a predefined threshold 203, SSD with PLP also causes a PFAIL signal 205 to transition from high to low. In response to signal 207 transitioning from high to low, the backup power source 115 begins to power the SSD with PLP and the charge accumulated in the backup power source 115 begins to decline in proportion to the load presented by the SSD with PLP (represented by the declining portion of signal 209).

Further, in response to PFAIL signal 205 transitioning from high to low, the primary controller 101 begins a power loss procedure to complete pending commands and save critical data structures from volatile memory 105 to non-volatile memory 103. When PFAIL signal 205 transitions from high to low, SSD with PLP does not accept further read or write commands from the host interface 109. Additionally, in response to PFAIL signal 205 transitioning from high to low, the secondary controller 107 starts a timer, represented by a HOLDUP CLK signal 219, to measure the duration of time for which the primary controller 101 can operate on backup power supplied by the backup power source 115.

When HOLDUP CLK signal 219 begins oscillating, the primary controller 101 may send an acknowledgement bit to the secondary controller 107 through a signal 145, which the secondary controller 107 then writes to a second non-volatile memory 143 confirming that the secondary controller 107 started tracking the holdup time (represented by the first high to low to high transition of PLP ACK signal 217). Each time the primary controller 101 completes a step of the power loss procedure another acknowledgement may be sent to the secondary controller 107 and stored in second non-volatile memory 143. For example, the secondary controller 107 may store an acknowledgement bit in the second non-volatile memory 143 (represented by the second high to low to high transition of PLP ACK signal 217) when the SSD controller 101 stores critical data structures from volatile memory 105 to non-volatile memory 103. The primary controller 101 sends another acknowledgement bit to the secondary controller 107 to be stored in second non-volatile memory 143 (represented by the third high to low to high transition of PLP ACK signal 217) when the SSD controller 101 completes pending read/write commands (represented by the constant portion of SSD READ/WRITE signal 215).

Each time HOLDUP CLK signal 219 transitions from high to low, the secondary controller 107 tracks the holdup time by storing a holdup time bit 223 in second non-volatile memory 143 (i.e., a “0” bit is stored).

When the backup power voltage falls below a predefined threshold 211 (represented by BACKUP PWR signal 209 crossing threshold 211) the SSD with PLP causes a RESET signal 213 to transition from high to low. Predefined threshold 211 represents the minimum regulated voltage at which the primary controller 101 can operate. Upon the transition of the RESET signal 213 from high to low the primary controller 101 ceases all functions and powers down and the HOLDUP CLK signal 219 of the secondary controller 107 stops oscillating. Once HOLDUP CLK signal 219 stops oscillating, further holdup time bits 223 will not be stored by the secondary controller 107 to second non-volatile memory 143. Thus, HOLDUP CLK signal 219 starts oscillating when HOST PWR signal 201 crosses threshold 203 and stops oscillating when BACKUP PWR signal 209 crosses threshold 211, effectively tracking the duration of time that the primary controller 101 operated on backup power. If the HOLDUP CLK signal 219 transitions from high to low twenty times, twenty holdup time bits 223 (represented by “0”s) are stored by the secondary controller 107 in second non-volatile memory 143. If HOLDUP CLK signal 219 is a 200 Hz signal having a period of 5 ms (i.e., predefined interval or period of the clock signal), the holdup time measured by HOLDUP TIME signal 221 is 100 ms.

If the primary controller 101 is unable to complete the power loss procedure during backup power, HOLDUP TIME signal 221 tracks the duration of time for which the primary controller 101 operated on backup power and PLP ACK signal 217 identifies the last step of the power loss procedure completed by the primary controller 101.

Although the timing diagram of FIG. 2 describes various steps occurring as a result of the signals transitioning from high to low (i.e., as a result of a falling edge of a signal), in an alternative implementation the various steps may occur as a result of the signals transitioning from low to high (i.e., as a result of a rising edge of a signal), or a combination of signals transitioning from low to high and high to low.

In another embodiment, second non-volatile memory 143 can be an internal component of secondary controller 107. In another embodiment, non-volatile memory 103 can be used by the secondary controller 107 to store the tracked holdup time and/or acknowledgements, eliminating the need for second non-volatile memory 143.

FIG. 3 is a block diagram of one embodiment of an SSD with PLP 300 during normal operation. A volatile memory 303 is used for the temporary storage of commands and data that is being processed by an SSD controller 301. The SSD controller 301 stores in volatile memory 303 a command queue 303 a containing incoming commands from a host interface 309, a logical to physical address translation table, or L2P table 303 b, and a log of updates to be applied to the L2P table, or L2P update log 303 c. The volatile memory 303 can comprise DRAM, SRAM, T-RAM, Z-RAM and/or any other type of volatile memory known in the art.

SSD controller 301 also communicates with a non-volatile memory 305, which is typically an array organized in banks of non-volatile memory devices 311 a-d, 313 a-d, 315 a-d, and 317 a-d, which provide permanent or long-term storage for the data. The non-volatile memory devices 311 a-d, 313 a-d, 315 a-b, and 317 a-b can comprise NAND flash memory, NOR flash memory, an EEPROM or any other non-volatile memory known in the art in any combination.

The SSD controller 301 temporarily buffers commands 347 received from the host interface 309 in a command queue 303 a in the volatile memory 303. When the SSD controller 301 executes a command 347 received from the host interface 309, the SSD controller 301 returns an acknowledgement, ACK signal 345, to the host interface 309. If the command 347 is a read command, the SSD controller 301 does not issue an acknowledgement, ACK signal 345, until the read command is performed and the data is returned to the host interface 309. If the command 347 is a write command, the SSD controller 301 may issue the ACK 345 signal as soon as the command is stored in the command queue 303 a, on the assumption that the command will be processed and the data will be stored in non-volatile memory 305. When the SSD controller 301 sends an acknowledgement to the host interface 309 for a write command that has not yet been executed, the SSD controller 301 updates the command queue 303 a in the volatile memory 303 to indicate that an acknowledgement was sent (represented by assigning an ACK value of “1” in command queue 303 a). If a write command is acknowledged before it is written to the non-volatile memory 305, the data for the write command is critical information if there is a loss of power, as the host interface 309 thinks the write command was executed by the SSD controller 301. If the write command is not executed by the SSD controller 301 before a loss of power, when the host interface 309 requests that data upon a subsequent power-up, out of date or incorrect data may be returned by the SSD controller 301.

The SSD controller 301 processes the commands in the command queue 303 a and the data is read from and written to the non-volatile memory 305 using multiple memory data channels 321, 323, 325 and 327. In other embodiments, the non-volatile memory 305 may comprise any number of channels (i.e., 1 or more). Each channel is controlled independently by a channel controller 301 a, 301 b, 301 c and 301 d within the SSD controller 301, and each channel controller communicates with a corresponding subset of the non-volatile memory devices 311 a-d, 313 a-d, 315 a-d, and 317 a-d. Within each channel controller 301 a-d, there is a channel command queue 331, 333, 335 and 337. Within each channel command queue 331, 333, 335 and 337, there may be a different mixture of memory commands directed to the corresponding non-volatile memory devices, including read (represented by “R”), write/program (represented by “P”) and erase (represented by “E”).

Similarly, secondary controller 307 includes a channel controller 307 a that allows the secondary controller 307 to write to non-volatile memory devices 355 a-d of second non-volatile memory 353 through a communication channel 351. The non-volatile memory devices 355 a-d can comprise NAND flash memory, NOR flash memory, an EEPROM or any other non-volatile memory known in the art in any combination.

The L2P table 303 b is a table that identifies the logical location of a data block that is understood by the host interface 309 (i.e., the logic block address provided by commands 347 from the host interface 309) and the location where the data is physically stored in the non-volatile memory 305 (i.e., expressed by non-volatile memory device, block number, page number and offset within the page). The SSD controller 301 periodically stores copies of the L2P table 303 b in the non-volatile memory 305 to ensure the data is available if the SSD controller 301 and/or volatile memory 303 unexpectedly lose power and power down. However, the SSD controller 301 primarily uses and updates the L2P table 303 b stored in volatile memory 303 for fast and convenient access. Upon power-up, the SSD controller 301 copies the L2P table 303 a from non-volatile memory 305 to volatile memory 303.

The L2P Table 303 b must be continuously updated as new or updated data is written to the non-volatile memory 305. In order to maintain good write performance, the SSD controller 301 does not update the copy of the L2P table 303 a stored in non-volatile memory 305 every time new data is written to non-volatile memory 305 as this requires additional processing that causes the SSD with PLP 300 to operate slowly and inefficiently. Instead, the SSD controller 301 maintains the newly written data in an L2P update log 303 c that identifies newly written data since the last update of the L2P table 303 a stored in non-volatile memory 305. In normal operation when the L2P update log 303 c reaches a threshold requirement, which may be based on the amount of memory available to store the L2P update log 303 c (e.g., the number of entries in the L2P update log 303 c and/or duration of time since the last L2P update log 303 c was saved), the SSD controller 301 may update any copies of L2P table 303 b in non-volatile memory 305 (not shown). In an alternative embodiment, L2P update log 303 c is used to update any copies of the L2P table 303 b in non-volatile memory 305 (not shown) at predefined intervals. Performing these updates at predefined intervals ensures that a large sequence of L2P write activity does not cause the L2P update log 303 c to exceed the amount of memory available to store the L2P update log 303 c in volatile memory 303. The periodic updating of the L2P tables (in volatile and non-volatile memory) means that at the instant when a power failure occurs, the L2P tables in non-volatile memory 305 may be missing the latest updates from the L2P update log 303 c. Accordingly, the L2P update log 303 c is also considered critical information that should be written to the non-volatile memory 305 if there is a loss of power.

FIG. 4 is a block diagram of another embodiment of an SSD with PLP 400 during a loss of power. A power monitor 449 is configured to detect a loss of power provided to the SSD with PLP 400 from a host interface 409. A loss of power from host interface 409 may occur for a number of reasons, including, for example, removal of the SSD from the system during operation, a hardware failure, loss of electrical power to the host device due to a power outage, or a large load on the host device that causes a temporary drop out in the power supplied by the host device. Power monitor 449 may detect a loss of power by detecting that the power supplied by host interface 409 falls below a predefined threshold (e.g., 5 volts) for a predefined period of time (e.g., 5 milliseconds). Alternatively, it may be desirable to use only a predefined voltage threshold for detecting a loss of power as some applications may require detecting an instantaneous loss of power. When power monitor 449 detects a loss of power, it immediately emits a PFAIL signal 439 identifying the loss of power to the SSD controller 401 and the secondary controller 407. Power monitor 449 also enables a backup power source (not shown), which provides backup power to SSD with PLP 400. Alternatively, either SSD controller 401 or secondary controller 407 may enable the backup power source (not shown) in response to receiving PFAIL signal 407.

Power monitor 449 also monitors the backup power source. When power monitor 449 detects the voltage of the backup power source fall below a threshold voltage (i.e., the minimum voltage at which SSD controller 401 can continue to operate) power monitor 449 emits a RESET signal 441 to SSD controller 401, which is also monitored by secondary controller 407. RESET signal 441 causes the SSD controller 401 to cease all operations and shut down prior to SSD controller 101 losing power. Preferably, secondary controller 407 and second non-volatile memory 453 operate at voltages that are lower than the minimum operable voltage of the SSD controller 401. Accordingly, secondary controller 407 and second non-volatile memory 453 will continue to operate on backup power for a period of time after SSD controller 401 received the RESET signal 421.

Upon receiving the PFAIL signal 439, the SSD controller 401 ceases normal operation and begins performing a power loss procedure to process pending commands and save critical data structures to non-volatile memory 405 before backup power is lost to SSD controller 401 and/or volatile memory 403. Pending commands in channel command queues 431, 433, 435 and 437 (e.g., read, write/program, and erase commands, not shown) are not changed or stopped by the SSD controller 401. Since the backup power source continues to power non-volatile memory 405, the pending commands in channel command queues 431, 433, 435 and 437 are executed. In another embodiment, all read commands in channel command queues 431, 433, 435 and 437 are disregarded because the data is simply not read and no data or acknowledgement, ACK signal 445, is returned to the host interface 409. In this case, the host interface 409 may later (after having regained power) process the error and take remedial action (e.g., by retrying the command or returning a read error to the application that caused the command to be issued). In another embodiment, all pending commands in channel command queues 431, 433, 435 and 437 may be stopped by the SSD controller 401 to reduce the consumption of backup power and ensure that critical data structure can be saved to non-volatile memory 405 before backup power is lost to SSD controller 401 or volatile memory 403. After processing and/or stopping pending commands in channel command queues 431, 433, 435 and 437, the SSD controller 401 begins saving critical data from volatile memory 403 to non-volatile memory 405. There may be write commands in command queue 403 a that were acknowledged by SSD controller 401 but were not actually written to non-volatile memory 405. If the write commands are lost due to a power failure, when the host later tries to retrieve the associated data, either the data returned will be old data or the data will be absent and an error will be returned. Accordingly, SSD controller 401 saves a copy of the command queue 403 a to non-volatile memory 405 containing at least the acknowledged write commands that have not been processed in command queue 405 a.

In one embodiment, the read commands and unacknowledged write commands in command queue 403 a are omitted from the command queue 405 a stored to non-volatile memory 405. The host can determine that it needs to reissue unexecuted read commands if the host interface 409 did not receive data in response to the read command from the SSD controller 101 prior to the loss of power. Similarly, the host can determine that it needs to reissue write commands if the host interface 409 did not receive an acknowledgement from the SSD controller 401 that the SSD controller 401 would write the data to non-volatile memory 405 prior to the loss of power. However, it may be desirable to save all commands from command queue 403 a to the command queue 405 a, including unacknowledged write commands (and the associated data to be written) and read commands. The SSD controller additionally must save the L2P update log 403 c to non-volatile memory 405 as L2P update log 405 c. It is important to save the L2P update log 403 c to non-volatile memory 405 because the L2P table 403 b stored in volatile memory 403 and the L2P table 405 b stored in non-volatile memory may not be up-to-date. The SSD controller 401 may send an acknowledgment to secondary controller 407, via ACK signal 443, each time the SSD controller 401 completes a step of the power loss procedure.

Upon receiving PFAIL signal 439, the secondary controller 407 starts a timer to track the duration of time for which the SSD controller 401 can operate on backup power supplied by the backup power source. The timer of secondary controller 407 can be a clock signal having a predefined frequency. Upon each rising or falling edge of the clock signal (i.e., predefined interval or period of the clock signal), a channel controller 407 a of secondary controller 407 transmits a write command over memory data channel 451 causing the second non-volatile memory 453 to store a holdup time bit 453 a (represented by a “0” bit). If the SSD controller 401 sends an acknowledgement to the secondary controller 407 indicating that a particular step of the power loss procedure is complete, via ACK signal 443, the secondary controller 407 can transmit a write command over memory data channel 451 causing the second non-volatile memory 453 to store an SSD ACK bit 453 b (represented by a “0” bit). When the secondary controller 407 identifies RESET signal 441, the secondary controller 407 stops the timer and the total number of holdup time bits 453 a stored in second non-volatile memory 453 represents the holdup time of SSD controller 401 during backup power. For example, if the timer of secondary controller 407 is a 1 kHz clock signal and 10 holdup time bits 453 a (represented by ten “0s”) are stored in second non-volatile memory 453, the holdup time bits 453 a indicate that the SSD controller 401 operated for a holdup time of 10 milliseconds. It may be desirable to use a higher frequency clock signal to measure the holdup time, as a higher frequency clock signal will result in better resolution for tracking holdup time. Further, the total number of SSD ACK bits 453 b stored in second non-volatile memory 453 represents the number of steps from the power loss procedure completed by SSD controller 401.

In another embodiment, the secondary controller 407 periodically transmits the current holdup time upon each rising or falling edge of a clock signal. For example, if a 1 kHz clock signal is used, every 1 ms (i.e., predefined interval or period of the clock signal) the secondary controller 407 transmits the measured holdup time to second non-volatile memory 453. After 5 ms, the value stored in second non-volatile memory 453 is 5 ms, after 7 ms, the value stored in second non-volatile memory 453 is 7 ms, etc.

After the SSD controller 401 completes the power loss procedure in response to the loss of power, the data previously stored in volatile memory 403 is lost (e.g., command queue 403 a, L2P table 403 b and L2P update log 403 c) and the non-volatile memory 405 contains all of the necessary critical information to restart the SSD with PLP 400.

If the SSD controller 401 is unable to complete the power loss procedure during backup power, holdup time 453 ad indicates the duration of time for which the SSD controller 401 operated on backup power and SSD ACK 453 b identifies the last step of the power loss procedure completed by the SSD controller 401.

When the SSD with PLP 400 regains power, the SSD controller 401 sends requests over communication channel 457 to the secondary controller 407 requesting that the secondary controller 407 return the holdup time and/or acknowledgements. The channel controller 407 a of secondary controller 407 retrieves the holdup time 453 a and acknowledgements, SSD ACK 453 b, by sending read signals over memory data channel 451 to non-volatile memory devices 455 a-d. If the holdup time was tracked by storing holdup time bits 453 a in the second non-volatile memory 453, the secondary controller 407 calculates the holdup time and transmits the calculated holdup time to the SSD controller 401 over communication channel 457. If the holdup time was tracked by storing the measured holdup time at predefined intervals, the secondary controller 407 retrieves the last measurement of holdup time and returns the holdup time to the SSD controller 401 over communication channel 457. Similarly, the secondary controller 407 returns the acknowledgements, SSD ACK 453 b, to the SSD controller 401 over communication channel 457. When the SSD controller 401 receives the holdup time and/or acknowledgments from the secondary controller 407, the SSD controller 401 stores the data in an operational log.
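
The bit-log variant of holdup tracking and its read-back after power-up can be modelled as follows. This is an added example, not code from the patent: the log layout, the 512-bit log size, the function names and the one-step-every-N-edges scenario are assumptions, and it relies on erased flash reading as all ones so that each “0” bit can be appended without an erase.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LOG_BYTES 64u              /* assumed log size */
#define LOG_BITS  (LOG_BYTES * 8u) /* 512 bits per log */
#define PLP_STEPS 4u               /* steps 505, 507, 509 and 511 of FIG. 5 */

/* Hypothetical layout of the second non-volatile memory. */
typedef struct {
    uint8_t holdup[LOG_BYTES]; /* holdup time bits, one per clock edge */
    uint8_t ack[LOG_BYTES];    /* SSD ACK bits, one per completed step */
} nvm_log_t;

/* Secondary controller state; it lives in RAM and is gone after power-down. */
typedef struct {
    nvm_log_t *nvm;
    size_t next_holdup, next_ack;
    int timing; /* nonzero between PFAIL and RESET */
} secondary_ctrl_t;
typedef struct { uint32_t holdup_us; size_t steps_done; } plp_report_t;

/* Erased flash reads as all ones; programming can only clear bits to 0. */
static void nvm_erase(nvm_log_t *nvm) { memset(nvm, 0xFF, sizeof *nvm); }

/* Append one "0" bit; a full log saturates instead of wrapping. */
static void append_zero_bit(uint8_t *log, size_t *next)
{
    if (*next >= LOG_BITS) return;
    log[*next / 8u] &= (uint8_t)~(1u << (*next % 8u));
    (*next)++;
}

void sc_on_pfail(secondary_ctrl_t *sc, nvm_log_t *nvm)
{
    *sc = (secondary_ctrl_t){ nvm, 0, 0, 1 }; /* timer starts running */
}

void sc_on_clock_edge(secondary_ctrl_t *sc)
{
    if (sc->timing) append_zero_bit(sc->nvm->holdup, &sc->next_holdup);
}

void sc_on_ssd_ack(secondary_ctrl_t *sc)
{
    if (sc->timing) append_zero_bit(sc->nvm->ack, &sc->next_ack);
}

void sc_on_reset(secondary_ctrl_t *sc) { sc->timing = 0; /* stop the timer */ }

/* Count programmed bits from the start of a log up to the first erased bit. */
static size_t count_zero_bits(const uint8_t *log)
{
    size_t n = 0;
    while (n < LOG_BITS && !(log[n / 8u] & (1u << (n % 8u)))) n++;
    return n;
}

/* After power-up: rebuild the report from the non-volatile log alone. */
plp_report_t sc_read_report(const nvm_log_t *nvm, uint32_t clock_hz)
{
    uint64_t bits = count_zero_bits(nvm->holdup);
    plp_report_t r;
    r.holdup_us = clock_hz ? (uint32_t)(bits * 1000000u / clock_hz) : 0u;
    r.steps_done = count_zero_bits(nvm->ack);
    return r;
}

/* Constructed scenario: the SSD controller finishes one step every
 * ticks_per_step clock edges until RESET arrives or all steps are done. */
plp_report_t simulate_power_loss(uint32_t clock_hz, size_t ticks_before_reset,
                                 size_t ticks_per_step, size_t ticks_after_reset)
{
    nvm_log_t nvm;
    secondary_ctrl_t sc;
    size_t t;
    nvm_erase(&nvm);
    sc_on_pfail(&sc, &nvm);
    for (t = 1; t <= ticks_before_reset; t++) {
        sc_on_clock_edge(&sc);
        if (ticks_per_step && t % ticks_per_step == 0 && t / ticks_per_step <= PLP_STEPS)
            sc_on_ssd_ack(&sc);
    }
    sc_on_reset(&sc);
    for (t = 0; t < ticks_after_reset; t++)
        sc_on_clock_edge(&sc); /* ignored: the timer has stopped */
    return sc_read_report(&nvm, clock_hz);
}
```

With a 1 kHz clock, 10 edges before RESET and one step finished every 3 edges, the report reads 10 ms of holdup and three of the four steps completed, which is the incomplete-procedure case the description singles out.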

In another embodiment, second non-volatile memory 453 can be an internal component of secondary controller 407. In another embodiment, non-volatile memory 405 can be used by the secondary controller 407 to store the tracked holdup time 453 a and/or acknowledgements 453 b, eliminating the need for second non-volatile memory 453.

FIG. 5 is a flowchart of steps 500 for one embodiment of performing PLP for an SSD, as described above. The SSD with PLP, comprising an SSD controller 101, a secondary controller 107, a volatile memory 105, a non-volatile memory 103, a second non-volatile memory 143 and a power circuit (comprised of power fail switch 111 and power monitor 113) connected to a host device, such as a computer, via a host interface 109, as described above. At step 501, the power circuit detects a drop in the power supplied from the host interface 109, indicating that the host device has experienced a loss of power. In one embodiment, the power circuit sends an alert signal to the SSD controller 101 and the secondary controller 107 indicating the loss of power. At step 503, the power circuit switches to a backup power supply 115 to provide power to the SSD controller 101, the secondary controller 107, the volatile memory 105, and the non-volatile memory 103. The backup power supply 115 may comprise a supercapacitor, a battery, or any other suitable device for providing backup power to the components of the SSD, or any combination thereof. Additionally, at step 503, the secondary controller 107 starts a timer to track the duration of time for which the SSD controller 101 can operate on backup power.

At step 505, the SSD controller 101 processes all of the acknowledged write commands in the channel command queues. As previously discussed, acknowledged write commands are critical information in the event of a power failure because, upon reboot, the host device will expect that certain data has been written to the non-volatile memory 103. Optionally, in one embodiment, at step 505, the SSD controller 101 may also process all unacknowledged write commands and read commands in the channel command queues as would be done in normal operation. Processing all unacknowledged write commands and read commands in the channel command queues is not necessary because the host device can simply reissue any failed read and/or write commands when power is restored to the SSD, as the host will not expect that an unacknowledged read or write command was processed.

At step 507, the L2P update log is copied from the volatile memory 105 to non-volatile memory 103. At step 509, all acknowledged write commands in the host command queue are copied to non-volatile memory 103. Optionally, in one embodiment, at step 511 all read and unacknowledged write commands in the host command queue are also copied to non-volatile memory 103. However, as previously discussed, read and unacknowledged write commands are not critical information that must be saved to non-volatile memory 103 and can be addressed by the host device after regaining power with no detrimental effect. Accordingly, in one embodiment, step 511 is skipped to reduce the amount of information copied to the non-volatile memory 103 and the method steps 500 proceeds directly from step 509 to step 511.

After the SSD controller 101 completes each of steps 505, 507, 509 and 511, the SSD controller 101 may be programmed to send an acknowledgement signal to the secondary controller 107 indicating that a particular step of the power loss procedure completed. If the secondary controller 107 receives an acknowledgement from the SSD controller 101, the secondary controller 107 may store the acknowledgement in second non-volatile memory 143 after the completion of the respective step.

At step 513, the power circuit detects that the power supplied by the backup power source 115 has fallen below a predefined threshold that represents the minimum voltage at which the SSD controller 101 can continue to operate. At step 515, the power circuit applies a RESET signal to the SSD controller 101. The secondary controller 107 and second non-volatile memory 143 preferably operate at a lower voltage than the SSD controller 101, and thus, continue to operate on backup power for a longer period of time than the SSD controller 101. In response to applying RESET to the SSD controller 101 (step 515), at step 517 the secondary controller 107 stops the timer for tracking holdup time. During the time that SSD controller 101 is operating on backup power (i.e., steps 503 through 515), the secondary controller 107 periodically stores an indication of the tracked holdup time in second non-volatile memory 143. At step 519, the SSD powers down. At step 521, after the host device regains power the SSD device powers back up. At step 523, the SSD controller 101 sends a request to secondary controller 107 to return the holdup time and acknowledgements. In response to the request from SSD controller 101, secondary controller 107 retrieves the holdup time and acknowledgements stored in second non-volatile memory 143 and returns the data to SSD controller 101. If the holdup time is tracked by storing holdup time bits in second non-volatile memory 143, secondary controller 107 calculates the holdup time and returns the calculated holdup time to SSD controller 101. SSD controller 101 stores the holdup time and acknowledgements received from secondary controller 107 in an operational log. In an alternative embodiment, only a single non-volatile memory may be used (e.g., non-volatile memory 103). In this embodiment, at step 523, the secondary controller 107 retrieves the holdup time and acknowledgements stored in volatile memory 103 and returns the data to SSD controller 101. At step 525, the SSD controller 101 repopulates the L2P table and L2P update log from non-volatile memory 103 to the volatile memory 105. At step 527, the SSD controller 101 reconstructs the host command queue from non-volatile memory 103 to the volatile memory 105. At step 529, the SSD controller 101 can resume normal read, write, and erase operations.

If the SSD controller 101 is unable to complete any of steps 505, 507, 509 or 511 (represented by dashed lines), steps 513 through 523 (represented by solid lines) would still execute as these steps occur when the power circuit detects the backup power source 115 is below a predefined threshold. The holdup time in step 517 indicates the duration of time for which the SSD controller 101 operated on backup power and the acknowledgements identify the last step of the power loss procedure completed by the SSD controller 101. If the SSD controller 101 is unable to store all critical information (i.e. the acknowledged write commands in the channel command queue, acknowledged write commands in command queue, or L2P update log), when the SSD controller 101 powers up at step 521, the SSD controller 101 will be in a failed state. Thus, the SSD controller 101 may not be able to perform some or all of steps 525, 527 and 529 (represented by dashed lines).

Although method steps 500 describe a power circuit as detecting a loss of power from a host device and switching to a backup power source 115, either the SSD controller 101 or the secondary controller 107 could be configured to perform this step. Additionally, the secondary controller 107 can be further configured to detect the backup power source 115 below a predefined threshold and apply RESET to the SSD controller 101.

Implementing method steps 500 for an SSD with PLP allows for an accurate measurement of the time for which the primary controller 101 operates on backup power along with an indication of the steps of the power loss procedure that the primary controller 101 was able to perform.

Other objects, advantages and embodiments of the various aspects of the present invention will be apparent to those who are skilled in the field of the invention and are within the scope of the description and the accompanying Figures. For example, but without limitation, structural or functional elements might be rearranged, or method steps reordered, consistent with the present invention. Similarly, principles according to the present invention could be applied to other examples, which, even if not specifically described here in detail, would nevertheless be within the scope of the present invention.

What is claimed is:
1. A solid state drive (SSD) comprising: a primary controller operable at a first minimum operable voltage; a secondary controller operable at a second minimum operable voltage that is less than the first minimum operable voltage; and a power circuit configured to supply power to the primary controller and the secondary controller from a power source during normal operation of the SSD and from a backup power source in response to a loss of power supplied by the power source, wherein the secondary controller is configured to track a time from the loss of power supplied by the power source to a reset of the primary controller, wherein the primary controller is not operable at a supply voltage below the first minimum operable voltage, and the secondary controller is operable at the supply voltage below the first minimum operable voltage.
2. The SSD of claim 1, wherein a host device comprises the power source.
3. The SSD of claim 1, wherein the backup power source comprises a capacitor or a battery.
4. The SSD of claim 1, wherein the loss of power comprises the power source falling below a first predefined threshold; and the reset of the primary controller occurs in response to the backup power source falling below a second predefined threshold.
5. The SSD of claim 4, wherein the secondary controller is further configured to detect the power source falling below the first predefined threshold and the backup power source falling below the second predefined threshold.
6. The SSD of claim 4, wherein the second voltage is less than the second predefined threshold.
7. The SSD of claim 1, wherein the secondary controller further comprises a timer to track the time.
8. The SSD of claim 7, further comprising a non-volatile memory operable at the second minimum operable voltage in communication with the secondary controller, and the secondary controller is further configured to track the time by causing a bit to be stored in the non-volatile memory at predefined time intervals.
9. The SSD of claim 8, wherein the secondary controller is further configured to cause the time to be stored in the non-volatile memory at predefined time intervals after the loss of power.
10. The SSD of claim 1, further comprising a volatile memory in communication with the primary controller and a second non-volatile memory in communication with the primary controller, and the primary controller further configured to transfer critical information from the volatile memory to the second non-volatile memory in response to a loss of power.
11. The SSD of claim 10, wherein the critical information comprises a logical to physical address update log.
12. The SSD of claim 1, further comprising a non-volatile memory that is a component of the secondary controller.
13. A method of power loss protection (PLP) for a solid state drive (SSD), the method comprising: supplying power from a power source during normal operation of the SSD and from a backup power source in response to a loss of power supplied by the power source; supplying power to a primary controller operable at a first minimum operable voltage, a secondary controller and a non-volatile memory operable at a second minimum operable voltage that is less than the first minimum operable voltage, the non-volatile memory being in communication with the secondary controller; and tracking a time from the loss of power to a reset of the primary controller, wherein the primary controller is not operable at a supply voltage below the first minimum operable voltage, and the secondary controller is operable at the supply voltage below the first minimum operable voltage.
14. The method of claim 13, further comprising supplying backup power from a capacitor or a battery.
15. The method of claim 13, further comprising detecting the power source falling below a first predefined threshold.
16. The method of claim 13, further comprising detecting the backup power source falling below a second predefined threshold.
17. The method of claim 13, further comprising storing an indication of the tracked time at predefined time intervals.
18. The method of claim 13, further comprising storing critical information in response to the loss of power in a second non-volatile memory in communication with the primary controller.
19. The method of claim 13, further comprising storing an L2P update log in response to the loss of power.
20. The method of claim 13, further comprising storing the tracked time after regaining power from the power source.